]> git.ipfire.org Git - thirdparty/openssl.git/commit
projects / thirdparty / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 576892d) | patch
Fix DH ASN1 decode so that it detects named groups.
authorShane Lontis <shane.lontis@oracle.com>
Wed, 17 Feb 2021 03:13:51 +0000 (13:13 +1000)
committerShane Lontis <shane.lontis@oracle.com>
Fri, 19 Feb 2021 09:25:24 +0000 (19:25 +1000)
commiteabb3014165a1319ceb8a69cc135feb99f288293
tree45827f8e564e26cfa4d4d799078260ec439748d7tree
parent576892d78f80cf9a169e7f766319c843e430f378commit | diff
Fix DH ASN1 decode so that it detects named groups.

The dh->nid was not being set if the loaded p,g matched an inbuilt named
group for "DH".

NOTE: The "DHX" related path already worked since it calls DH_set0_pqg()
(which does the name group check).

This bug was detected when new tests were added for dh5114 groups, combined
with the no-cache tests i.e. loading+import+export set the nid,
but just loading did not.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14207)
crypto/dh/dh_asn1.c diff | blob | blame | history
test/recipes/20-test_dhparam_check.t diff | blob | blame | history
test/recipes/20-test_dhparam_check_data/valid/dh_ffdhe2048.pem [new file with mode: 0644] blob
test/recipes/20-test_dhparam_check_data/valid/dhx_ffdhe2048.pem [new file with mode: 0644] blob
Mirror of https://github.com/openssl/openssl.git